On 28 Jan 2004 07:32:46 -0800 [EMAIL PROTECTED] wrote:
> Anyone have any pointers to information about the relative merits
> of using Kerberos or LDAP for authentication in a large heterogeneous
> environment?
I think other responses are missing the bigger picture.
You are almost certainly (I'd b
cyberp70 <[EMAIL PROTECTED]> writes:
> We currently use Kerberos for authentication for almost everything on
> our network. Some people here are advocating switching to using LDAP
> for authentication (we already have a pretty well developed LDAP
> infrastructure). This would of course require e
Hello,
I am working on setting up an eMac running OS 10.3 and using its
built-in Kerberos 5 to authenticate through our server dce.psu.edu. I am
receiving an incorrect net address error when I try to grab a ticket from
our server from the Mac. Now our server is only Kerberos 4. I have rea
At the risk of starting a religious war
We currently use Kerberos for authentication for almost everything
on our network. Some people here are advocating switching to using
LDAP for authentication (we already have a pretty well developed LDAP
infrastructure). This would of course require ev
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
GSSAPI Kerberos V5 is being used for authentication
LDAP is being used for authorization. This is not the same
as using LDAP for authentication.
Jeffrey Altman
Harry Le wrote:
> Not entirely true.
>
> Most LDAP servers now support the SASL/GSSAPI mechanism. It uses Kerberos
> V5 creden
On Wed, Jan 28, 2004 at 04:35:55PM -0500, Kevin Coffman wrote:
> But it does require you to send your password (over SSL) to the LDAP server
> which then uses SASL/GSSAPI to verify the password? Isn't that how this
> works, or am I missing something?
No, you are talking about using something like
Harry, others,
The SASL/GSS mechanism supported by the LDAP server is used to securely access the
directory. Using SASL/GSS and LDAP does not help authenticate a user so he/she can use
an application which then presents the user's identity to another application
components in a secure manner - t
But it does require you to send your password (over SSL) to the LDAP server
which then uses SASL/GSSAPI to verify the password? Isn't that how this
works, or am I missing something?
K.C.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Harry Le
Sent: Wedn
Let me try to explain this another way...
General rule: Your password should only be accessible to a trusted computer.
There are three computers in a potential transaction.
1. The Client Computer -- Trusted
2. The KDC/LDAP Server -- Trusted
3. The Server -- UNTRUSTED
When using K
Normally, a client user is not allowed to modify the password, but an admin
user logged in to the LDAP server will be able to do it. Actually, the LDAP
server is an authentication service provider.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Harry Le
Sent: Wednesday,
Not entirely true.
Most LDAP servers now support the SASL/GSSAPI mechanism. It uses Kerberos
V5 credentials to authenticate users against LDAP directories. This will
not require users to change passwords. For data privacy, use SSL.
Joseph
-Original Message-
From: [EMAIL PROTECTED]
LDAP is not an authentication infrastructure.
All you are doing with LDAP is providing a database of usernames
and passwords which is accessible over the network. Your users
must then transmit said usernames and passwords across the network
to a potentially compromised machine in order for them to